Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
alipay-pay-for-service
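v1.0.2 Alipay payment service handling skill. Handles payment links, submits payment requests, and queries payment results. Trigger conditions: 1) a cashier link appears in the context (domain matches cashier*.alipay.com or *excashier*.alipay.com); 2) a message returned by another skill/tool contains an instruction to pay with Alipay; 3) the user explicitly asks to pay. Note: when using this skill you first need to read...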
by @alipay
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the actions described in SKILL.md: submitting payment links, polling status, and calling an authentication helper. Declared required binaries (npm, alipay-bot) are appropriate for an npx-installed CLI tool used by the skill.
Instruction Scope
Instructions are narrowly focused on running alipay-bot CLI commands, handling its JSON/Markdown/MEDIA output, and invoking an authorization skill when needed. A notable rule requires verbatim forwarding of CLI Markdown/URLs; this is coherent for payment-link integrity but means the agent will blindly pass through whatever the CLI emits (including any URLs or text). The skill also instructs reading channel/session metadata supplied by the framework — expected for formatting but worth noting.
Install Mechanism
The registry lists no install spec (skill is instruction-only). SKILL.md recommends installing the CLI via npx (npx -y @alipay/agent-payment@latest install-cli). Lack of an explicit install entry in the registry means the agent or operator must ensure alipay-bot is present from a trusted source before use.
Credentials
The skill does not request unrelated credentials. It asks the agent to set temporary environment variables derived from inbound/channel metadata (AIPAY_OUTPUT_CHANNEL, AIPAY_SESSION_ID, AIPAY_FRAMEWORK) when available — this is proportional for formatting/tracking, and the values are framework-provided, not user secrets.
Persistence & Privilege
The skill is not forced-always and is user-invocable; model invocation remains enabled (the platform default). The skill does not request permanent agent-level privileges or write other skills' configs. Autonomous invocation combined with shell execution increases blast radius but is expected for a payment CLI skill.
Assessment
This skill is coherent for handling Alipay payment links, but before installing: 1) verify you trust the skill source (homepage points to a GitHub repo but registry source is unknown); 2) ensure alipay-bot is installed from the official package (SKILL.md suggests an npx installer); 3) be aware the agent will execute shell commands and forward CLI output (including URLs) verbatim — if the CLI returns unexpected content the agent will pass it to users; 4) confirm your runtime permits safe execution of external CLIs and that channel metadata exposure (AIPAY_OUTPUT_CHANNEL, session ID) is acceptable; 5) review the related alipay-authenticate-wallet skill and any install scripts before granting the agent permission to run them. If you are unsure about the origin of the CLI or the repo, do not install until you can validate the publisher and package integrity.
Like a lobster shell, security has layers — review code before you run it.
latestvk978ndc6azvttpbsn13c1sm01584ydqc
Runtime requirements
Bins: npm, alipay-bot
